Databases and their database management system (DBMS) counterparts have evolved to facilitate designing, building, and maintaining complex information systems, but databases and DBMSs themselves have also evolved into quite complex systems. The size, capabilities, and performance of databases and DBMSs have grown by orders of magnitude along with the progress of technology in the areas of processors, computer memory, computer storage, and computer networks.
Databases often contain sensitive data, which usually resides within tables that can be used by various applications. Many types of controls can be implemented to protect databases (and the sensitive data within them). For example, network security measures may be used to guard against unauthorized external access, while database activity monitoring tools can be used to audit internal activity and guard against authorized access for unauthorized purposes. However, these controls may not be able to differentiate adequately between authorized and unauthorized access to sensitive data by an authorized user. A manual investigation is often necessary to determine if many activities are approved. Thus, significant challenges remain for designing and implementing systems and methods for securing database activity.